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DETAILED ACTION 

1 . This Office Action is prompted by the Applicant's response filed 8-1 8-201 0. 
Claims 1-13, 16, 17, 20-22, 24-31, 33-42 are pending and have been examined. 

Response to Arguments 

2. Applicant's arguments filed 8-1 8-201 0 have been fully considered but they are 
not persuasive. 

The Applicant argues that the rejections of the claims under 35 USC Sec. 102(e) 
as anticipated by Bonn et al., US 6,738,908 (henceforth Bonn) are improper. The 
Applicant asserts that Bonn fails to teach the features of: 

a. ) Sending a security policy document to a plurality of devices. 
However the Examiner respectfully counters that such is taught by Bonn at the 

cited location, at also for example, at col. 4 lines 38-51 and fig. 1 A where a security 
policy document is sent to a plurality of devices. 

b. ) A database system which stores a plurality of templates. . ." 

However, the Examiner respectfully counters that such is taught by Bonn at col. 6 
lines 20-25 where a computer system is taught comprising a memory with an operating 
system and software to implement the invention, and storing a plurality of templates" 

c. ) "...at least one of the templates (to) selectably incorporate a policy defined 
only by a different template. However, the Examiner finds that his limitation is taught by 
Bonn at col. 8 lines 38-54. 
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The Applicant argues that the rejections of the claims under 35 USC Sec. 103(a) 
as unpatentable over Bonn and Rothermal US 6,678,827 (henceforth Rothermal) are 
improper because Rothermal fails to teach the features of: 

a. ) Including a listing of users in the document created by template expansion 
where the users are identified by external information. However, the Rothermal teaches 
this feature at col. 11 lines 18-30 where information including a list of users (useri.d.s) 
referenced by external information (Company Name, IP Address, etc.) is included. 

b. ) "...at least one of the templates (to) selectably incorporate a policy defined 
only by a different template. However, the Examiner finds that his limitation is taught by 
Bonn at col. 8 lines 38-54. 



Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under 
section 122(b), by another filed in the United States before the invention by the 
applicant for patent or (2) a patent granted on an application for patent by 
another filed in the United States before the invention by the applicant for patent, 
except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application 
filed in the United States only if the international application designated the 
United States and was published under Article 21(2) of such treaty in the English 
language. 
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4. Claims 1 , 2, 4-6, 8, 1 0-1 2, 39 and 41 are rejected under 35 U.S.C. 1 02(e) as 
being anticipated by Bonn et al., US 6,738,908. Bonn teaches: 

As for claim 1 , a method for automatically provisioning a plurality of computing 
devices in accordance with established policies (abstract, col. 2 lines 16-24), the 
method comprising the steps of: creating a plurality of templates reflecting said policies 
(col. 4 lines 6-51), expanding at least one template at a central location to create a 
document comprising expanded information (col. 4 lines 6-51, col. 6 lines 30-53), and 
sending from the central location the expanded document comprising the expanded 
information to said plurality of computing devices (col. 6 lines 30-53), 

As for claim 2, Bonn teaches interpreting the expanded information by agents 
which are respectively resident on each of said plurality of computing devices (col.9 line 
33-35: NSD's implement the new security policies). 

As for claims 4 and 1 0, Bonn teaches the limitations of claims 3 and 9 from which 
claims 4 and 10 depend respectively, and further wherein the plurality of templates 
includes a first category of templates that reflect policies applicable to all of the plurality 
of computing devices (col. 8 lines 1-34). 

As for claims 5 and 1 1 , Bonn teaches the limitations of claims 4 and 1 0 from 
which claims 5 and 1 1 depend respectively, and further wherein the plurality of 
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templates includes a second category of templates that reflect policies applicable to 
only a subset of the plurality of computing devices (col. 8 lines 42-54). 

As for claims 6 and 12, Bonn teaches the limitations of claims 4 and 10 from 
which claims 6 and 12 depend respectively, and further wherein the plurality of 
templates includes another category of templates that reflect policies only applicable to 
a particular type of the plurality of computing devices (col. 8 lines 42-54). 

As for claim 8, a system for automatically provisioning a plurality of computing 
devices in accordance with established policies, the system comprising: a database 
system which stores a plurality of templates which reflect said polices (col. 6 lines 20- 
25), a plurality of agents which are respectively resident on each of said plurality of 
computing devices (col. 9 line 33-35: NSD's implement the new security policies), and 
which communicate with said database system to obtain information with regard to 
provisioning and maintenance of the respective computing devices (col. 9 line 33-35: 
NSD's implement the new security policies), and a communications gateway through 
which communication messages are exchanged between said agents and said 
database system (col. 5 lines 55-60: Policy manager), wherein said communications 
gateway is configured to: retrieve the individual ones of the plurality of templates (col. 8 
lines 38-54), expand the plurality of retrieved templates to create respective documents 
containing combined template information and expanded information (col. 8 lines 38- 
54), and provided the documents containing the combined template information and 
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expanded information to said plurality of agents (col. 8 lines 38-54), wherein at least one 
of the templates selectably incorporates a policy defined only by a different template 
(col. 8 lines 38-54). 

As for claims 39 and 41 , Bonn teaches the limitations of claims 1 and 8 from 
which claims 39 and 41 depend respectively, and further wherein at least one template 
includes a reference to information external to the template (col. 4 line 64 through col. 5 
line 6), and wherein said communication gateway expands the template by creating a 
document that includes information contained in the template and said external 
information (col. 8 lines 38-54). 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 3, 7, 9, 1 3, 1 6, 1 7, 20-22, 24-31 , and 33-36 are rejected under 35 U.S.C. 
103(a) as being unpatentable over Bonn et al., and Rothermel US 6,678,827. 

As for claims 3 and 9, Bonn teaches the limitations of claims 1 and 8 from which 
claims 3 and 9 depend respectively, but not further wherein the structure of said plurality 
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of templates includes conditional statements that determine whether a template is to be 
expanded with predetermined information on the basis of the computing device to which 
the expanded information is being provided. However Rothermel does teach this feature 
(col. 10 lines 25-35, fig. 3B, fig. 8). Therefore it would have been obvious to one of 
ordinary skill in the art at the time the invention was made to incorporate these steps 
into the method of Bonn. It would have been desirable to do so since such a template 
field would allow an administrator to configure a network security policy template more 
quickly. 

As for claims 7 and 13, Bonn teaches the limitations of claims 1 and 8 from which 
claims 7 and 13 depend respectively, but not further wherein said policies are security 
polices regarding user access to each of the plurality of computing devices. However 
Rothermel does teach these steps (col. 1 1 lines 1-45). Therefore, it would have been 
obvious to one of ordinary skill in the art at the time the invention was made to 
incorporate these steps into the method of Bonn. It would have been desirable to do so 
since this would increase the range of security rules available to an administrator for 
configuration and hence increase the utility of the method of Bonn. 

As for claims 16 and 20, Bonn teaches the limitations of claim 39 and 41 from 
which claims 16 and 20 depend respectively, but not further wherein said external 
information comprises a list of users. However Rothermel does teach this feature (col. 
1 1 lines 18-30). Therefore, it would have been obvious to one of ordinary skill in the art 
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at the time the invention was made to incorporate these steps into the method of Bonn. 
It would have been desirable to do so since this would increase the range of security 
rules available to an administrator for configuration and hence increase the utility of the 
method of Bonn. 

As for claims 17 and 21, The combination of Bonn and Rothermel teaches the 
limitations of claims 9 and 3 respectively. Bonn fails to teach the additional feature 
wherein said communications gateway expands a template to include information 
contained in a conditional statement only if the computing device to which said 
expanded information is to be provided meets the condition. However, Rothermel does 
teach this feature (col. 1 1 lines 35-40). Therefore, it would have been obvious to one of 
ordinary skill in the art at the time the invention was made to incorporate these steps 
into the method of Bonn. It would have been desirable to do so since this would allow 
an administrator to expand a template automatically in cases where statements apply to 
a particular network device and hence increase the efficiency of the system. 

As for claim 22, Bonn teaches a method of controlling user access to networked 
computing devices (abstract, col. 1 lines 63-67), comprising the steps of: storing a 
plurality of templates that identify user-access policies for respective ones of said 
devices (col. 4 lines 38-51 ), at least one of said templates including a reference to 
information that is external to the template (col. 4 line 64 through col. 5 line 6); retrieving 
a template that pertains to a given one of said devices (col. 9 line 10-20), and sending 
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said document from said central location to the given one of said devices after 
expansion (col. 9 lines 30-33), and configuring at least one of the templates to 
selectably incorporate a policy defined only by a different template (col. 8 lines 38-54). 
Bonn fails to explicitly tech the steps of expanding the template by creating a document 
at a central location comprising a listing of users identified in said template and users 
identified by any externally referenced information. However, Rothermel does teach 
these features (col. 1 1 lines 18-30). Therefore, it would have been obvious to one of 
ordinary skill in the art at the time the invention was made to incorporate these steps 
into the method of Bonn. It would have been desirable to do so since this would 
increase the range of security rules available to an administrator for configuration and 
hence increase the utility of the method of Bonn. 

As for claim 24, the combination of Bonn and Rothermel teach all of the 
limitations of claim 22 upon which claim 24 depends. Bonn fails to teach the additional 
feature wherein said external information comprises a list of users. However Rothermel 
does teach this feature (col. 1 1 lines 18-30). Therefore, it would have been obvious to 
one of ordinary skill in the art at the time the invention was made to incorporate these 
steps into the method of Bonn. It would have been desirable to do so since this would 
increase the range of security rules available to an administrator for configuration and 
hence increase the utility of the method of Bonn. 
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As for claim 25, The combination of Bonn and Rothermel teaches all of the 
features of claim 24 upon which claim 25 depends. Bonn fails to teach the additional 
features wherein all of the users on said list perform a specified role relative to said 
computing devices. However Rothermel does teach this feature (col. 1 1 lines 20-45). 
Therefore, it would have been obvious to one of ordinary skill in the art at the time the 
invention was made to incorporate these steps into the method of Bonn. It would have 
been desirable to do so since this would increase the range of security rules available to 
an administrator for configuration and hence increase the utility of the method of Bonn. 

As for claim 26, the combination of Bonn and Rothermel teaches the limitations 
of claim 25 from which claim 26 depends. Bonn fails to teach the additional features 
wherein at least one of the templates includes a conditional statement, and the step of 
creating a document comprises including information from said conditional statement in 
said document only if said given device meets the condition. However, Rothermel does 
teach these features (col. 10 lines 25-35, fig. 3B, fig. 8). Therefore it would have been 
obvious to one of ordinary skill in the art at the time the invention was made to 
incorporate these steps into the method of Bonn. It would have been desirable to do so 
since such a template field would allow an administrator to configure a network security 
policy template more quickly. 

As for claims 27 and 33, Bonn teaches the methods of claim 22 and 31 from 
which claims 27 and 33 are dependent respectively, and further wherein the plurality of 
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templates includes a first category of templates that reflect policies applicable to all of 
the plurality of computing devices (col. 8 lines 1-34) and further wherein the plurality of 
templates includes a second category of templates that reflect policies applicable to 
only a subset of the plurality of computing devices (col. 8 lines 42-54). 

As for claims 28 and 34, Bonn teaches the method of claims 27 and 33 from 
which claims 28 and 34 are dependent respectively, and further wherein a template in 
the second category inherits policies contained in a template of said first category (col. 8 
lines 42-54). 

As for claims 29 and 35, Bonn teaches the method of claims 28 and 34 from 
which claims 29 and 35 are dependent respectively, and further wherein said 
inheritance can be selectively disabled (col. 9 lines 1-20). 

As for claims 30 and 36, Bonn teaches the method of claims 28 and 34 from 
which claims 30 and 36 are dependent respectively, and further including a third 
category of templates that pertain to specific devices and inherit policies from templates 
in said second category (col. 9 lines 34-39). 

As for claim 31 , Bonn teaches a method for controlling user access to networked 
computing devices (abstract, col. 1 lines 63-67), comprising the steps of: storing a 
plurality of templates that identify user-access policies for respective ones of said 
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devices (col. 4 lines 38-51 ), retrieving a template that pertains to a given one of said 
devices (col. 8 lines 38-67), creating a document at a central location and sending said 
document from said central location to the given one of said devices (col. 9 lines 30-35), 
and configuring at least one of the templates to selectably incorporate a policy defined 
only by a different template (col. 8 lines 38-54). Rothermel teaches the additional 
limitations that Bonn fails to teach, namely: wherein at least one of said templates 
includes a conditional statement (col. 10 lines 25-35, fig. 3B, fig. 8), wherein the 
document comprises a listing of users identified in said template (col. 11 lines 18-45) 
and users identified in any conditional statement if said given device meets the 
condition (col. 11 lines 18-45). Therefore, it would have been obvious to one of ordinary 
skill in the art at the time the invention was made to incorporate these steps into the 
method of Bonn. It would have been desirable to do so since this would increase the 
range of security rules available to an administrator for configuration and hence 
increase the utility of the method of Bonn. 

7. Claims 37, 38, 40, and 42 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Bonn and Rothermel, and further in view of Teng et al., US 
7,380,008. 

The combination of Bonn and Rothermel fails to teach the feature wherein the 
document is an XML document. However, Teng does teach such an XML document 
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where an XML template is expanded at a central location by a server and where the 
document includes references to information external to the template (fig. 39, col. 47 
line 28 through col. 49 line 34). Therefore it would have been obvious to one of 
ordinary skill in the art at the time the invention was made to incorporate this feature 
into the system of Bonn and Rothermel. It would have been obvious to do so since this 
would allow for the use of XML documents compatible with common platforms such as 
JAVA and allow greater portability of the system. 

Conclusion 

8. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 
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9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paul E. Callahan whose telephone number is (571) 272- 
3869. The examiner can normally be reached on M-F from 9 to 5. 

If attempts to reach the examiner by telephone are unsuccessful, the Examiner's 
supervisor, Emmanuel Moise, can be reached on (571) 272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is: (571) 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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Supervisory Patent Examiner, Art Unit 2437 



